Tiny Core Linux

Tiny Core Base => TCB Q&A Forum => Topic started by: dschlic1 on May 04, 2012, 08:43:34 AM

Title: Recommendations for packet sniffing install
Post by: dschlic1 on May 04, 2012, 08:43:34 AM
I would like some recommendations on using a minimal Linux installation to be used for Ethernet packet sniffing and analysis. I currently use Wireshark running under Windows. It works but has some issues. In particular, the standard Windows uses many tasks which produce and receive packets via the Ethernet interface. This results in packets showing up in the capture that need to be ignored.
I use the packet sniffing to debug Ethernet communications between different types of industrial equipment. So I do not want the sniffer producing packets of its own. I think achieving this goal might be easier using Linux than Windows. I might add that I will only be using a wired interface.
I am looking at starting with Tiny Core because it probably already has many tasks and programs removed, and I can get it to boot from a USB flash drive. So I would like some advice as to how to modify the standard distro (if needed) to eliminate all tasks and programs that would send packets via the Ethernet interface.
Title: Re: Recommendations for packet sniffing install
Post by: bmarkus on May 04, 2012, 08:44:54 AM
Wireshark?
Title: Re: Recommendations for packet sniffing install
Post by: dschlic1 on May 04, 2012, 08:55:18 AM
Google wireshark (can't post link)
While the web shows just Windows versions, it appears that most Linux distros also include it.
Title: Re: Recommendations for packet sniffing install
Post by: bmarkus on May 04, 2012, 08:58:53 AM
Google wireshark (can't post link)
While the web shows just Windows versions, it appears that most Linux distros also include it.

Like Tiny Core Linux
Title: Re: Recommendations for packet sniffing install
Post by: Rich on May 04, 2012, 09:14:45 AM
Hi dschlic1
Welcome to the forum. I use Wireshark when I want to examine network traffic and it works well under Tinycore.
I just fired it up to trace all traffic, and once I closed a chatty tab on my browser, the only traffic that showed up was my machine sending an echo request to my server because I have a remote drive mounted followed by an ARP, both with responses. This sequence repeats every 60 seconds. In addition, I know the Samba server I'm connected to will announce itself every 15 minutes or so just like a Windows share would.
Title: Re: Recommendations for packet sniffing install
Post by: curaga on May 04, 2012, 10:30:03 AM
Only DHCP would send traffic by default. Use a static IP and there's nothing.
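
Added example, not part of the thread: one way to confirm that a capture host stayed silent is to scan a saved capture for frames whose source MAC is the sniffer's own and name the protocol (DHCP, ARP and so on). It assumes a classic pcap file with an Ethernet link type and untagged frames; the MAC addresses, ports and sample frames are constructed for illustration.

```python
import struct

def classify(frame):
    """Name the protocol carried by an untagged Ethernet II frame."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0806:
        return "ARP"
    if ethertype == 0x0800 and len(frame) >= 34:
        ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
        if frame[23] == 17 and len(frame) >= 14 + ihl + 4:
            ports = set(struct.unpack("!HH", frame[14 + ihl:18 + ihl]))
            return "DHCP" if ports == {67, 68} else "UDP"
        return f"IPv4 proto {frame[23]}"
    return f"ethertype 0x{ethertype:04x}"

def self_originated(pcap, own_mac):
    """Return [(frame_number, protocol)] for frames sent from own_mac."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    own = bytes.fromhex(own_mac.replace(":", ""))
    hits, off, n = [], 24, 0
    while off + 16 <= len(pcap):
        # Record header: ts_sec, ts_usec, incl_len, orig_len (4 bytes each)
        incl = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off, n = off + 16 + incl, n + 1
        if len(frame) >= 14 and frame[6:12] == own:   # bytes 6..11 = source MAC
            hits.append((n, classify(frame)))
    return hits

# Constructed sample capture: two devices talking, plus a capture host that leaks.
def _eth(dst, src, ethertype, payload=b""):
    return bytes.fromhex(dst + src) + struct.pack("!H", ethertype) + payload

def _udp(sport, dport):
    ip = bytes([0x45, 0, 0, 28, 0, 0, 0, 0, 64, 17]) + bytes(10)  # minimal IPv4 header
    return ip + struct.pack("!HHHH", sport, dport, 8, 0)

PLC, DRIVE, SNIFFER, BCAST = "001122334455", "00aabbccddee", "020000000001", "ff" * 6
FRAMES = [_eth(DRIVE, PLC, 0x0800, _udp(2222, 2222)),
          _eth(BCAST, SNIFFER, 0x0800, _udp(68, 67)),  # DHCP request from the sniffer
          _eth(BCAST, SNIFFER, 0x0806),                 # ARP from the sniffer (header only)
          _eth(PLC, DRIVE, 0x0800, _udp(2222, 2222))]
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(FRAMES))
```

An empty result for the sniffer's MAC means the capture host put nothing on the wire during the capture.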